IMF Tune v6.0 - Forefront Protection 2010 for Exchange Support

A new IMF Tune version is available for download! Version 6 is introducing native support for Forefront Protection 2010 for Exchange.

IMF Tune now supports all Microsoft anti-spam engines available for Exchange 2003, 2007 and 2010. Version 6 continues to fully support the Exchange 2003 Intelligent Message Filter and the free Exchange 2007/2010 Content Filter. In addition to these we now also have Forefront Protection 2010.

Unlike anti-spam, Exchange does not include any built-in anti-virus protection. When looking at the solutions IMF Tune users are adopting to fill this gap Forefront is clearly the solution of choice. However Forefront also brings its own anti-spam Content Filter which IMF Tune v6 is now embracing.

With Forefront support, IMF Tune users now have more choice when it comes to spam filtering. One can choose to employ the free Content Filter included with the Exchange anti-spam transport agents. Otherwise if Forefront is installed, the Forefront Content Filter can be employed instead. Switching back from Forefront to the free anti-spam agents is also supported. In this manner IMF Tune users stay in control.

Why use IMF Tune and Forefront Together?

IMF Tune today is so feature rich that it gives a significant boost in functionality even when employed with Forefront. Additional spam filters, email moderation from the browser, extensive reporting, and a much more effective configuration interface are the key selling points.

Installing IMF Tune with Forefront

When running IMF Tune with Forefront it is best to follow this order:

Install Forefront Protection 2010 for Exchange

Enable Forefront Protection Anti-Spam. This is done either at installation time or from the Forefront Management Console.

Restart the Microsoft Exchange Transport Server service to ensure the Forefront Content Filter is completely installed.

Install IMF Tune v6.0 Server.

If IMF Tune is installed before Forefront, we may need to refresh the transport agent priority. The need for this will be detected on opening the IMF Tune configuration. Here is how to proceed in this case:

Install Forefront Protection 2010 for Exchange

Enable the Forefront Protection Anti-Spam. This is done either at installation time or from the Forefront Management Console.

Open the IMF Tune Configuration. This will detect and report any problems.

If a problem concerning the agent priority is reported, open the command prompt, and from the IMF Tune application directory run: InstAgents.exe -priority

IMF Tune Configuration for Forefront

IMF Tune v6 is introducing a new configuration category that is most useful when running Forefront. Here we configure how IMF Tune is to deal with emails having an initial SCL -1 rating.

IMF Tune processes emails after that Forefront completes its own processing. So IMF Tune starts from an initial SCL that can be anything from -1 to 9.

Exchange 2003 IMF and Exchange 2007/2010 Content Filter assign SCL -1 only when an email matches a whitelist or in case of internal emails. Note that here we are referring to Exchange whitelists not IMF Tune whitelists. For example Exchange provides the IP Accept List. If an email is received from a host whose IP matches this Accept List an SCL -1 rating is assigned.

Forefront assigns SCL -1 with less restraint. Indeed, it uses SCL -1 to also stamp emails classified as legitimate by the Forefront Content Filter. This is the case even if the email does not match any whitelist.

The distinction between whitelisted emails and emails classified as legitimate through content analysis is useful to IMF Tune. When IMF Tune finds a whitelisted email (SCL -1), no blacklists or SCL Rules are applied. So with Forefront's rating system we end up with many more emails bypassing blacklist processing.

Let's say our Organization wants to blacklist a mailing list that sends out daily jokes. This is an opt-in mailing and Forefront correctly classifies these emails as legitimate, possibly assigning SCL -1. The IMF Tune blacklists will be bypassed unless we change the settings at the Exchange/Forefront SCLs category.

Customizing SCL -1 Handling for Forefront

IMF Tune can be configured to further analyze emails having an SCL -1 rating. Normally the goal is to distinguish between emails that are explicitly whitelisted and emails classified as legitimate by Forefront content filtering.

IMF Tune does this by looking for special keywords within the header: X-MS-Exchange-Organization-Antispam-Report

This header gives details on how the SCL rating was arrived at. For example if an email matches the Exchange IP Allow List, the report will contain the keyword IPOnAllowList. Other keywords are used to identify other Exchange built-in whitelists.

To enable this functionality go to the Exchange/Forefront SCLs category.

In this mode IMF Tune won't apply any blacklists and SCL rules to emails having an SCL -1 rating. This is the correct behaviour when employing the built-in Exchange 2007/2010 Content Filter.

When running Forefront we may want to change this setting to: Change SCL to 0 and process normally

With this setting IMF Tune is allowed to change the initial rating from -1 to 0. IMF Tune is then able to process the email normally applying whitelists, blacklists and rules to reach the final SCL rating.

This change in SCL is not done blindly. The process is controlled through a set of configurable exceptions that are enabled through the checkboxes: Except if connection is authenticatedExcept if the anti-spam report contains any of these keywords

Following these checkboxes, we have the keyword list to be tested against the anti-spam report header. This is initialized with a set of standard keywords obtained from official documentation and through testing. Thus WinDeveloper recommends caution when modifying this list.

Upgrading

The IMF Tune v6 server can be installed directly on top of IMF Tune v5.x and v4.x installations. This allows the installation to convert all configuration settings automatically. Earlier IMF Tune versions can be upgraded by uninstalling the older release and installing version 6 to the same disk location. For a detailed discussion of all possible upgrading/migration scenarios please refer to Upgrading/Migrating to IMF Tune v6.0.

Licensing

IMF Tune v6 will run in 30 day evaluation mode on first install. Following that, extended evaluation licenses will be provided on request.

Please note that IMF Tune v5.x licenses will not work with IMF Tune v6. We will be providing free upgrade licenses to users having a valid Maintenance Agreement in the next few weeks.